Move comment system secret key to environment secrets for GitHub Actions

AmazingRise / hugo-theme-diary

Moments piled up. A Hugo theme ported from SumiMakito/hexo-theme-Journal.

MIT License

568 stars 194 forks source link

Move comment system secret key to environment secrets for GitHub Actions #120

Closed hanson2010 closed 2 years ago

hanson2010 commented 2 years ago

I think putting secret key in config.toml is an insecure design, given that the project is public in most cases.

Can we move it to environment secrets for GitHub Actions?

https://github.com/[username]/[username].github.io/settings/environments

AmazingRise commented 2 years ago

Hi harson2010, Hugo is a static site generator. All the secret keys will finally be embedded into the webpages, which is accessible to the public. So I think it may not be necessary to move them into environment secrets.

Currently all the secret keys that may appear in config.toml are for comment services. If there are any other usages not applied to the cases above, please reply to me.

Thanks for your feedback.